DAST

Dynamic Analysis Security Testing looks at an application’s behavior while it runs. There are several practices that fall under DAST. Vulnerability assessment identifies the threats to the organization’s assets and recommends and prioritizes remediation strategies.

PenTesting

The most aggressive form of DAST is penetration testing or pentesting. There are two approaches to pentesting:

  • In black-box or external testing the auditor accesses the network from a remote location and is not aware of any internals beforehand. Essentially, the auditor is in the same position as an attacker.
  • In white-box or internal testing the auditor gets access to information about the system’s internals.

Pentesting goes beyond vulnerability assessment and moves into exploitation, privilege escalation and maintaining access.


Previous: Threat Model

Please Join the Discussion

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s